Virtual Environment Security
Version 10.1.00
The introduction of an abstraction layer between the physical hardware server and multiple virtualized operating systems running IT services can deliver significant cost savings through server consolidation as well as increased operational efficiency and flexibility. However, because a single physical server can host multiple virtual machines, the security of that server becomes even more important. StorageConsole gathers storage usage and performance data from vCenter and ESX servers. See Virtualization Manager Data Collection Requirements.
Most virtual infrastructures are based on a lightweight kernel (hypervisor) optimized for virtualization, such as VMware’s ESX. These kernels are less susceptible to viruses and other problems affecting general-purpose operating systems. However, they are not impervious to attack. One should take proper measures to harden the kernel based on the best practices recommended by the virtual infrastructure software provider. Taking the recommended steps to harden the kernel can ensure that your virtual infrastructure environment is properly secured.
The next area of vulnerability is associated with the virtual machines and the guest operating systems themselves. Security in a virtual environment can be improved through the way one configures virtual machines and their associated operating systems and the way one interacts with those virtual machines. Recommendations to enhance the security of virtual machines running in a virtual environment include:
Secure Virtual Machines the Same Way You Secure Physical Machines
A key point in understanding the security requirements for virtualized environments is that a virtual machine is, in most cases, the equivalent of a physical server. The guest operating system that runs in a virtual machine is subject to the same security risks as a physical system. Therefore, it is critical that the same security measures are employed in virtual machines as in physical servers.
Ensure that antivirus, antispyware, intrusion detection and other protection measures are enabled for every virtual machine in your virtual environment. Additionally, ensure that all security measures are up-to-date, including applying appropriate vendor operating system patches. It is very easy to lose track of updates for dormant virtual machines that are powered off. Thus, it is essential to maintain an up-to-date inventory of all virtual machines in the virtual environment, along with their current patch levels.
Disable Unnecessary or Superfluous Functions
One way to reduce the number of areas of vulnerability is by disabling system components that are not needed to support the application or service running on the virtual machine. Steps include:
Disable unused services in the guest operating system (e.g., disabling web services for virtual machine applications not accessing the web).
Disconnect unused “physical” devices and interfaces contained in the virtual machine (CDs, DVDs, USBs).
Turn off the windowing system and screen savers unless absolutely necessary (e.g., X-Windows in Linux or Solaris guest operating systems).
Take Advantage of Templates
Most virtual infrastructure environments offer a mechanism for making templates of virtual machines. Capturing a hardened base operating system image with no applications installed in a template ensures all virtual machines created from this template have a known baseline level of security. This, however, does not eliminate the requirement to keep patches and security measures up-to-date for each template.
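The inventory described above, for both dormant virtual machines and templates, can be checked mechanically. The following is an added example, not part of the original documentation or of StorageConsole; the CSV column names, the sample rows and the 30-day threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed inventory export; the columns are assumptions for this example.
INVENTORY_CSV = """\
name,kind,power_state,last_patched
web-01,vm,poweredOn,2024-05-20
batch-02,vm,poweredOff,2023-11-02
legacy-crm,vm,poweredOff,
rhel-base,template,poweredOff,2024-01-15
db-01,vm,poweredOn,2024-02-01
"""


def stale_entries(csv_text, as_of, max_age_days=30):
    """Return (name, kind, power_state, age_days) for every entry whose last
    patch is older than max_age_days, or unknown (age_days is None)."""
    stale = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = row["last_patched"].strip()
        age = (as_of - date.fromisoformat(raw)).days if raw else None
        if age is None or age > max_age_days:
            stale.append((row["name"], row["kind"], row["power_state"], age))

    # Dormant entries first (they miss routine patch runs), then entries
    # with no recorded patch date, then the oldest patch date first.
    def sort_key(entry):
        dormant = entry[2] != "poweredOn"
        return (not dormant, entry[3] is not None, -(entry[3] or 0))

    return sorted(stale, key=sort_key)
```

Powered-off machines and templates sort to the top of the result because they are the entries most likely to be skipped by routine patching.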
Prevent Virtual Machines from Taking Over Resources
Using the resource management facilities offered by the virtual infrastructure, such as shares and limits, one can control the server resources a virtual machine consumes. This mechanism can prevent a denial of service caused by one virtual machine “hogging” the physical server resources such that the other virtual machines on the same physical server cannot perform their intended functions. Monitoring all running virtual machines for unusual or unexpected performance situations is recommended.
Isolate Virtual Machine Networks
Virtual machines are typically connected to shared networks. These virtual machines are susceptible to the same types of network attacks as physical servers. To minimize network threats, one should employ the same network best practices to harden the network interfaces of the virtual machines on a network. Two commonly used approaches are to separate the physical network adapters through the use of virtual switches, or to set up virtual local area networks (VLANs) to help safeguard the network.
Minimize Use of the Guest Operating System Console Interface
Surprisingly, one of the biggest vulnerabilities in virtual infrastructures is the virtual machine console interface. Disabling or limiting the virtual machine’s console is strongly recommended. Instead, one should use the native remote management services, such as terminal services and SSH, to interact with virtual machine operating systems.
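Two of the recommendations above, disconnecting unused devices and limiting the console, can be audited from a virtual machine's .vmx configuration file. The following is an added example, not part of the original documentation: the .vmx keys come from VMware's configuration file format rather than from this page, the sample file is constructed, and the one-console-session policy is an assumption. It also goes beyond the CD, DVD and USB devices named above to cover floppy, serial and parallel ports.

```python
import re

# Constructed sample .vmx content (not taken from a real system).
SAMPLE_VMX = '''\
displayName = "app-db-01"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.startConnected = "TRUE"
usb.present = "TRUE"
floppy0.present = "FALSE"
serial0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.deviceType = "scsi-hardDisk"
'''

LINE_RE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
REMOVABLE = re.compile(r'^(usb|ehci|usb_xhci|floppy\d+|serial\d+|parallel\d+)$')
CD_SLOT = re.compile(r'^(ide|sata)\d+:\d+$')


def parse_vmx(text):
    """Return {lower-cased key: value} for each key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_vmx(text):
    """List findings for present removable devices and an unlimited console."""
    cfg = parse_vmx(text)
    findings = []
    for key, value in sorted(cfg.items()):
        dev, _, attr = key.rpartition(".")
        if attr != "present" or value.upper() != "TRUE":
            continue
        if REMOVABLE.match(dev):
            findings.append(f"{dev}: device present")
        elif CD_SLOT.match(dev) and "cdrom" in cfg.get(dev + ".devicetype", "").lower():
            state = cfg.get(dev + ".startconnected", "unset").upper()
            findings.append(f"{dev}: CD/DVD present (startConnected={state})")
    # Assumed policy: allow at most one concurrent console session.
    if cfg.get("remotedisplay.maxconnections") != "1":
        findings.append("console: RemoteDisplay.maxConnections is not 1")
    return findings
```

A finding marks a setting to review, not proof of misuse: a device that the application genuinely needs should stay.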
Virtualization Manager Data Collection Requirements
The Virtualization Manager Data Collector uses the VMware Infrastructure SDK to make XML API calls over HTTP to retrieve the data from vCenter or the ESX servers.
Virtualization Manager requires the following access for data collection:
View-only VMware User ID that has a role with the following privileges:
Browse Datastore
Assign the user to the root-level folder permissions of vCenter.